Workforce Privacy Notice

Bellomy Research, Inc. Workforce Privacy Notice

Effective Date: February 28, 2024
Last Updated: February 28, 2024

This Workforce Privacy Notice (this “Notice”) describes how Bellomy Research, Inc. (“Bellomy,” “we,” “us,” or “our”) collects, uses, discloses, and protects the personal information of our California workforce, including our employees, independent contractors, job applicants, and job candidates who reside in California (our “Workforce”).

We are committed to protecting the privacy of our Workforce. Accordingly, we will use any Workforce personal information in accordance with this Notice. However, this Notice does not protect information you post to public areas or third-party websites, except as may be set forth herein. This Notice imposes no duties on us not imposed by state, federal, or other applicable law.

This Notice is designed to meet obligations under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CPRA”). Capitalized terms used but not defined in this Notice shall have the meanings given to them under the CPRA.

We reserve the right to modify or amend this Notice at any time to reflect changes in our personal information practices or applicable law. Should it be necessary to do so, we will notify you and/or request your express consent of material changes to this Notice by posting such changes to www.bellomy.com (our “Site”).

Non-Applicability:This Notice does not apply to our consumer facing website(s) or to those of our Workforce acting in their capacity as a consumer, which are addressed in our Bellomy Research, Inc. Privacy Notice.

If you wish to download and print a copy of this Notice, please click here.

1. Notice of Personal Information Practices

Personal Information Sources

We may collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with individuals in the Workforce (“Personal Information”). Personal Information does not include:

  • Publicly available information from government records;
  • Deidentified or aggregated consumer information;
  • Health or medical information covered by the Health Insurance Portability and Accountability Act and the California Confidentiality of Medical Information Act; or
  • Personal information covered by various privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.

We may collect Personal Information directly from you, such as: (i) when you apply for a position or become employed or engaged by us (e.g., identification/identity data, contact details, educational, and employment data); (ii) indirectly from you, such as by observing your actions on our network or from information your computer or mobile device transmits when interacting with our network; (iii) from others through interactions in the course of employment or engagement; (iv) from third parties (e.g., references);

 

or (v) from public sources of data. For more information on the types of Personal Information we collect, see “Personal Information Collection and Disclosure by Category” below.

Purposes for Personal Information Collection and Use

Generally, we use Personal Information for Business Purposes (as defined within the CPRA) and as otherwise related to the operation of our business. For example, we may use Personal Information for the following purposes:

  • Background checks;
  • Drug screening;
  • Payroll, reimbursement, and timekeeping;
  • Processing work-related claims (e.g., worker’s compensation and insurance);
  • Booking employee travel;
  • Performance reviews;
  • Benefits administration;
  • Facilitating diversity and inclusion programs;
  • Analyzing employee retention and attrition;
  • Education, training, and development requirements;
  • Occupational health and safety;
  • Security (e.g., network and physical security); and
  • As required by law.

We may also use Personal Information for Additional Business Purposes (as defined within the CPRA) in a context that is not selling or sharing under the CPRA, such as:

  • Disclosing it to our service providers or contractors that perform services for us (“Vendors”);
  • Disclosing it to you or to other parties at your direction, through your action, or as otherwise requested or permitted by you to enable us to satisfy our obligations to you pursuant to your employment or engagement by Bellomy (e.g., payroll processors, benefits providers, some software platform operators, wellness program providers, insurance providers, etc.);
  • For the additional purposes explained at the time of collection (such as in any additional applicable privacy notice);
  • As required or permitted by applicable law;
  • To the government or private parties to comply with law or legal process, protect or enforce legal rights or obligations or prevent harm;
  • To investigate, prevent, or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate our policies or legal obligations; and
  • To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business.

Subject to restrictions and obligations under the CPRA, our Vendors may also use your Personal Information for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us. For more information on the types of Vendors to whom we disclose your Personal Information, see “Personal Information Collection and Disclosure by Category” below.

Personal Information Collection and Disclosure by Category

We do not and will not sell the Personal Information, including any sensitive Personal Information, we collect about our Workforce or share it with third parties for cross-contextual behavioral advertising.

We collect and disclose Personal Information as follows:
 

 

Category of Personal Information Examples of Personal Information Collected Categories of Recipients

Identifiers

Name, postal address, email address, phone number, Social Security number, government- issued identification, and date of birth.

Disclosures for Business Purposes:

  • General information technology (“IT”), software, and other business Vendors;
  • Human resources (“HR”) system and software Vendors;
  • Non-software HR vendors, such as drug screening Vendors;
  • Payroll and benefits Vendors;
  • Governmental entities (for example, in relation to our obligations to determine employment eligibility, responding to requests pursuant to legal or regulatory process, and tax obligations); and/or
  • Other parties (e.g., litigants and third- party advisors) within the limits of Additional Business Purposes.

Sale/Share: None.

Personal Records

Name, signature, physical characteristics or description, postal address, telephone number, insurance policy number, medical information, drug screening records, health insurance information, and financial information (e.g., bank account number).

Some Personal Information included in this category may overlap with other categories.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors;
  • Non-software HR Vendors, such as drug screening Vendors;
  • Payroll and benefits Vendors;
  • Governmental entities (e.g., in relation to our obligations to determine employment eligibility, responding to requests pursuant to legal or regulatory process, and tax obligations); and/or
  • Other parties (e.g., litigants and third- party advisors) within the limits of Additional Business Purposes.

Sale/Share: None.

 

 

Category of Personal Information Examples of Personal Information Collected Categories of Recipients

Protected Classification Characteristics under California or Federal Law

Age (40 years or older), citizenship, marital status, medical condition, sex, and veteran or military status.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors;
  • Governmental entities (e.g., responding to requests pursuant to legal or regulatory process, and tax obligations); and/or
  • Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None.

Commercial Information

Records of products or services purchased or obtained in the HR context, such as benefits you have signed up for.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors;
  • Payroll and benefits Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Internet Usage Information

All activity on Bellomy IT resources and networks, such as internet browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, and usernames and passwords, and all activity on communications systems, such as phone calls, call logs, voicemails, chat logs, and other information regarding the Workforce’s use of Bellomy-issued devices.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Geolocation Data

If you use Bellomy systems, resources, or devices or interact with us online we may gain access to the approximate, and sometimes precise, location of the device

or equipment you are using, or the location from which you

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

 

 

Category of Personal Information Examples of Personal Information Collected Categories of Recipients
 

are accessing our systems. We may also track the location of Bellomy-owned equipment.

Sale/Share: None.

Sensory Data

We may collect audio, electronic, visual, or similar information such as via our video security recordings.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Professional or Employment Information

Professional, educational, or employment-related information, including current or past job history or performance evaluations.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Non-public Education Records

Education records directly related to a student, maintained by an educational institution or party acting on its behalf, such as grades and transcripts.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Information Derived from Personal Information Collected

Inferences from other personal information collected about you. These inferences may reflect your preferences, predispositions, abilities, and aptitudes.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Sensitive Personal Information

Government-issued identification numbers (Social Security, driver’s license, state

identification card, or passport number).

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors; and/or

 

 

Category of Personal Information Examples of Personal Information Collected Categories of Recipients
   
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Account log-in (e.g., username and password to online account).

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Financial data (financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account).

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • Payroll and benefits Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Precise geolocation

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

Personal characteristics (e.g., racial or ethnic origin), to the extent such information is voluntarily provided by an individual or as required by applicable law.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes

Sale/Share: None.

Health information (personal information collected and analyzed concerning an individual’s health), to the extent such information is voluntarily provided by an

individual or as required by applicable law.

Disclosures for Business Purposes:

  • General IT, software, and other business vendors;
  • Benefits Vendors; and/or

 

 

Category of Personal Information Examples of Personal Information Collected Categories of Recipients
   
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None.

 

2. Your Rights and How to Exercise Them

You have the same rights to know and request disclosure, access, deletion, correction, limitation, and opt- out as consumers and may learn more about these rights and how to exercise them in the Bellomy Research, Inc. Privacy Notice under section titled “Your State Data Privacy Rights.”

3. Security

To protect your Personal Information in our custody or control from theft, unauthorized access, use, modification, and disclosure, and to maintain its accuracy and integrity, we have implemented reasonable technical, physical, and administrative security measures. However, please note that no electronic transmission of information can be guaranteed to be entirely secure.

4. Retention

We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it and in accordance with our internal document retention policy and any applicable laws. Different retention periods may apply for different types of Personal Information. We will retain and use Personal Information as long as you have a professional relationship with us. Thereafter, we will keep your Personal Information for as long as is necessary to protect our legal interests and/or to keep records as required by law.

5. Contact Us

If you have any questions, comments, or concerns about our privacy practices or this Notice, please contact us by email at privacy@bellomy.com , via telephone at 800-443-7344, or via mail to the following postal address:

Bellomy Research, Inc.
Attn: Privacy
175 Sunnynoll Court
Winston-Salem, NC 27106